
February 19, 2009

Software as a disservice

I note from the UK Federation home page that the:

federation uses the standards-based Shibboleth software, developed by the Internet2 community in the United States. Shibboleth defines a common framework for access management that is being adopted by education and commercial sectors across the world.

A point echoed on their How it works page:

The UK federation uses the standards based Shibboleth software, developed by the Internet 2 community in the United States to facilitate the sharing of web resources that are subject to access control.

How odd... I've always understood the Federation to be based on an open standard, SAML to be precise, not on a particular piece of software, open-source or otherwise, and indeed this point is confirmed in the Federation's technical recommendations:

The UK federation uses the Security Assertion Markup Language (SAML) standards for the communication of authentication, entitlement and attribute information. The core of the federation is implemented using the Shibboleth software from Internet2. It is recognised, however, that any particular software implementation may not be suitable for all participants, and federation members may deploy any software that meets their specific service goals.

A perfectly reasonable statement.

Interestingly, I am often guilty of confusing the two (and I see the same thing happening with colleagues here at Eduserv), using the word Shibboleth effectively as shorthand for 'a profile of SAML'.  This confusion is a mistake and does significant harm to the community IMHO.

Open-source is fine and dandy but open standards are much more important and the effective positioning of a particular open source package into a pseudo-monopolistic position does nobody any favours.  That's the position we were trying to move away from as a community!  Shibboleth is to federated access management in the UK what Hoover used to be to vacuum cleaners.  This is great if you are trying to promote a single product but very poor if you are trying to build an open community.




You're right, Andy. Thanks for the reminder.

I think this is a point where the UK federation is technically correct in how it describes itself. The UK federation physical service uses Shibboleth software code for the WAYF, metadata handling etc. etc., so the UK federation does indeed 'use' Shibboleth - more correctly described as Shibboleth for the 'core service' in the technical recommendations. It is just a statement of fact and is more accurate than saying it uses SAML for its core service as it is pin-pointing the actual implementation of SAML it uses.

In terms of recommendations for what software is used by institutions or organisations wishing to install an Identity Provider or Service Provider, I think all of the instructions are clear that institutions only need to use SAML compliant software and it can be of any known flavour - Shibboleth, Guanxi, OpenAthens and we've even managed to cope with the Macrovision eRights software.

The Eduserv pages are very similar in terms of language use: "Engaging with Shibboleth-based federations through OpenAthens also allows entirely seamless transition from your existing Athens service". Does this mean that OpenAthens doesn't work with non-Shibboleth based Federations such as Feide? :-)

@Nicole - I suppose it depends on what you mean by 'the UK Federation'? For me, that phrase refers to the 'whole' (all the participating members and the central coordinating body), not just to the 'coordinating body' (the physical service) - I'd guess that is how most people would interpret that phrase.

Re: Eduserv's use of 'Shibboleth-based federations'. Yes, that was the point I was making. We are no better or worse in this respect. We are in a position where we all use the word 'Shibboleth' loosely and this is a problem because one person can use it in one way but be misinterpreted as using it in another way.



